Information
security is becoming a high priority for businesses aroundthe world.
With the dramatic increase in electronic communications and electronic
commerce, there has been a corresponding increase in the malicious compromise
of that information. In this chapter, we’ll discusscommunications
security (COMSEC), that is; methods that keep importantcommunications
secure. We’ll also talk about transmission security(TRANSEC)
— schemes that make it difficult for someone to interceptor interfere
with your communications.

COMSEC

COMSEC uses
scrambling or cryptographic techniques to make information unintelligible
to people who do not have a need to know or who should not know. We’ll
differentiate here between cryptographic or ciphering techniques applied
to digital signals and scrambling techniques applied to analog signals.

Cryptography
is the process of encrypting (translating) information intoan apparently
random message at the transmitter and then deciphering the random message
by decryption at the receiver.

Historically,
sensitive information has been protected through the useof codes.
The sender would manually encode the messages beforetransmission
and the recipient would manually decode the messages upon receipt. Today’s
electronic technologies allow the coding/ decodingprocess to
occur automatically.

The process
involves using a mathematical algorithm, coupled with a key,to translate
information from the clear to the encrypted state. If sensitive information
is transmitted without the protection of cryptography and the information
is intercepted, it would require little effort or resources to understand
the transmittal. The US Government has established standards for the degree
of protection required for different levels of classified and sensitive
information.

In voice communications
systems that do not require extremely high security, you can protect against
casual eavesdropping by scrambling.Scrambling,
as an analog COMSEC technique, involves separating the voice signal into
a number of audio sub- bands, shifting each sub- band to a different audio
frequency range, and combining the resulting sub-bandsinto a composite
audio output that modulates the transmitter. A randompattern controls
the frequency shifting. The technique of scrambling thepattern is
similar to sending a message with a decoder ring, like the onessometimes
found in children’s cereal boxes. You can, for example,designate
that the letter c be ciphered as g, a as n, and t as w, so thatwhen you
receive the message gnw, you decode it as cat. Descramblingoccurs at
the receiver by reversing the process. In today’s digital age,analog scrambling
has given way to digital encryption.

Digital Encryption

To digitally
encrypt a transmission, analog voice information must be firstdigitized
by a VOCODER (as mentioned in Chapter 5), which converts thesignal into
a binary data stream.

The binary
data stream is then applied to what is called a “cryptographicengine.”
This is a processor which creates an extremely long, non-repeating
binary number stream based on a complex mathematical algorithm and a traffic
encryption key (TEK). The TEK is a binary number that is used to control
the algorithm.

Binary addition
is then used on a bit by bit basis to merge the cryptographic stream with
the data stream. A binary stream created in thisfashion is
inherently unpredictable, and bears little resemblance to theoriginal
data stream. It is now called encrypted data or cipher text.

Decryption
can only be accomplished by knowing the algorithm andthe TEK,
and then by reversing the encryption process. The data encryption strength
is a function of the complexity of the mathematical algorithm coupled with
the TEK (sometimes just called the key). Protection of the key is vital.

Even if an
unwanted organization gains access to the encrypted informa-tion and
has the algorithm, it is still impossible to decrypt the information without
the key. The US Government has developed rigorous key management procedures
to protect, distribute, store, and dispose of keys.In the past,
keys were manually loaded into a cryptographic device by usinga paper tape,
magnetic medium, or plug- in transfer device. Creation andsecure delivery
of keys to each user were significant problems in bothlogistics
and record keeping.

One type of
key management system also used in the commercial sectoris public
key cryptography. Under this standard, each user generates twokeys. One
is the public key, “Y,” and the other is the private key, “X.”

The Y value
derives from the X value. The strength of such a system lies in the difficulty
of deriving X from Y; what is encrypted with the Y key can only be decrypted
with the X key. By openly disseminating the user’s public Y key, and retaining
sole access to the private X key, anyone can send asecure message
to you by encrypting it with your public Y key. You are the only one, though,
who can decrypt the message, since only you have the private X key.

In a network
using this public key system, two- way secure communicationsare possible
among all network users. This is called an asymmetrical keysystem. The
alternative is a symmetric key system, in which the same keyencrypts
and decrypts data. Because both the originator and all recipientsmust have
the same keys, this system offers the highest levels of security.Harris has
led the way in developing state- of- the- art electronic means to secure
and distribute key material for these symmetric key- basedcommunications
systems.

A recent development
applicable to radio networks employs Over- The- Air-Rekeying
(OTAR). This technique nearly eliminates the need for manualloading of
keys and provides a secure key management.

OTAR is based
upon a benign key distribution system. It includes a keyencryption
key (KEK) used to encrypt the TEK and any other operationalCOMSEC or
TRANSEC keys. This process is referred to as “wrapping” todifferentiate
it from traffic encryption. The KEK is the only key that mustbe initially
loaded into both the sending and receiving units. Usually, aninitial set
of operational keys is loaded at the same time.

After wrapping,
subsequent distribution can use any physical or electronicmeans. In
an OTAR system, the wrapped keys are inserted into a messageand sent
over a radio link to the intended station using error- freetransmission
protocols (an error would render the keys useless). The linkused for
transmission is usually secured by the TEK currently in use. Thus,the key material
is doubly protected when sent over the air, practicallyeliminating
any possibility of compromise.

TRANSEC

TRANSEC employs
a number of techniques to prevent signal detection or jamming of the transmission
path. These techniques include hiding the radio transmission or making
it a moving target.

Low Probability
of Detection (LPD) systems hide the radio transmissionby transmitting
it using very low power, or by spreading the signal overa broad bandwidth
so that the natural noise in the environment masksthe signal.

The most commonly
used TRANSEC technique is frequency hopping. In this system, the transmitter
frequency changes in accordance with a complex algorithm so rapidly that
it is difficult for an unauthorized person tolisten in
or to jam the signal. The receiver is synchronized so that it hops from
frequency to frequency in unison with the transmitter. A TRANSECkey system
modifies the hopping algorithm so that only transmitters and receivers
that use the same key can communicate.

Frequency
hopping scatters the intelligence over several hundred discretefrequencies.
A radio operator listening to one of these frequencies mayhear a short
“pop” of static. A broadband receiver could perhaps captureall of these
little bursts; however, the task of picking these bursts out of the other
natural and man- made bits of noise would be daunting, requiring a team
of experts several hours just to reassemble a short conversation.

Jamming one
channel would have minimal impact on the hopping communicator. To effectively
jam a frequency- hopping radio, most or all of the frequencies that the
hopping communicator uses would have to be jammed, thus preventing the
use of those frequencies as well. Harris Corporation’s AN/ PRC- 117, AN/
PRC- 138, FALCON and FALCON II transceivers are highly rated for their
frequency- hopping capabilities.

National Security
Agency (NSA) Certification

The inclusion
of COMSEC and TRANSEC capabilities into radio equipmentrequires
stringent design practices to ensure that not even a trace amountof the unencrypted
signal gets inadvertently transmitted along with theencrypted
signal.

For example,
an analog voice signal applied to the input of a radio has atendency
to cause slight fluctuations in the radio power supply that canactually
amplitude modulate the output power amplifier of the radio. Ifthis happens,
a sensitive receiver can detect the unencrypted audio signal.Having a
copy of both an original and encrypted message not only givesthe enemy
the specific unencrypted message, but places in jeopardy anysignals transmitted
with that same TEK and algorithm.

Similarly,
the cryptographic stream created by the COMSEC engine can“leak” to
the output through the power supply or because of inadequateinternal
shielding. If the enemy has a copy of the cryptographic stream, itcan be used
to decode the encrypted data.

To avoid these
and other similar problems, an impenetrable interface mustbe designed
into the radio and the COMSEC and TRANSEC modules thatkeep the
unencrypted signals totally separated from the circuits that create the
radio frequency signal. Those circuits that are associated with unencrypted
input signal are called “Red.” Those associated with the encrypted signal
are called “Black.” Red/ Black interface is the barrier between them.

In order for
a manufacturer to furnish COMSEC and TRANSEC modules and radios for high-
grade US Government use, a thorough testing programmust be designed
and then approved by the National Security Agency.The radios
are then meticulously tested by NSA experts to ensure thatnot a trace
of unencrypted signals escape into the radio frequency signalstream. Only
after passing many such tests can a company be certifiedto produce
this high- grade type of cryptographic equipment.

Harris Corporation,
RF Communications Division, is a supplier of NSA-certified
products and is a preferred supplier of information security forthe US Government
and the US Department of Defense. It is a leader inthe development
and production of US Government and exportable security products. The company
also provides a comprehensive line of secure products for the non- US Government
market. Harris radios have a wide variety of modern COMSEC and TRANSEC
engine options. These engines are also available as modules for incorporation
in OEM hardware.

Presidio

Presidio is
a high- speed full or half- duplex embeddable US governmentCOMSEC module,
used to secure digital voice or data traffic over radio,wireline
or other telecommunications media. Presidio is capable of dataencryption/
decryption at speeds up to E1 (2.048 Mbps) data rate. Presidiooffers COMSEC
equipment manufacturers a wide range of interoperabilityand key management
features as well as reduced size, weight and numberof devices
required, making Type 1 certification an easier process.

CITADEL ™

The CITADEL
cryptographic engine provides high- grade protection for USdomestic
and international customers over all modern communications media. It is
available with configurable key lengths and multiple algorithm options,
making CITADEL an ideal export encryption solution for a broad range
of communication products. The CITADEL supports both COMSEC and TRANSEC
functions allowing the device to be adapted to virtually anycommunication
environment.

Sierra ™

The Sierra
module addresses the need for an encryption technology thatcombines
the advantages of the government’s high- grade security withthe cost
efficiency of a reprogrammable, commercially produced encryptionmodule. It
provides a common security solution to users that can take onmultiple
encryption personalities depending on the mission that hasbeen programmed.

SUMMARY

COMSEC uses
cryptography or scrambling to make informationunintelligible
to people who do not have a need to know or whoshould not
know.

The security
level of a COMSEC system depends on the mathematicalcomplexity
of the algorithms and the number of variables in the key.

Protection
of the key is vital to securing the transmitted information.

Public key
cryptography is widely used in the commercial sector.

Over- The-
Air- Rekeying (OTAR) eliminates the need for manual loading of keys and
provides a more secure method of key management.

TRANSEC protects
the transmitted signal itself, to prevent signal detection or jamming of
the transmission path.

Low Probability
of Detection (LPD) systems use spread- spectrum and other techniques to
“hide” the signal beneath the natural noise level.

Frequency-
hopping radio systems jump rapidly in unison, from one frequency to another
in apparently random patterns, using a common timing reference.